CVE-2020-11022

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Risk Information

Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 7.242

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities affected in Oracle WebLogic Server 14.1.1.0.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows
Vulnerabilities CVE-2020-11022 are fixed in Nessus 8.13.0 | Windows
Vulnerabilities CVE-2020-11022 are fixed in Tenable Nessus 8.13.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight - | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows
Vulnerabilities CVE-2020-11022 are affected in Oracle Hospitality Simphony 18.1 | Windows
Vulnerabilities CVE-2020-11022 are affected in Oracle Hospitality Simphony 18.2 | Windows
Vulnerabilities CVE-2020-11022 are affected in Oracle Hospitality Simphony 19.1.2 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 | Windows
Vulnerabilities CVE-2019-10086,CVE-2020-11022 are affected in Oracle Financial Services Revenue Management and Billing 2.7.0 | Windows
Vulnerabilities CVE-2019-10086,CVE-2020-11022 are affected in Oracle Financial Services Revenue Management and Billing 2.8.0 | Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.58 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows
Vulnerabilities CVE-2020-23064,CVE-2020-11023,CVE-2020-11022 are fixed in WebJars - jquery 3.5.0 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.2 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.7 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.1 | Windows
Vulnerabilities CVE-2020-23064,CVE-2020-11023,CVE-2020-11022 are fixed in Ruby-jquery-rails 4.4.0 | Windows
Vulnerabilities CVE-2020-11022 are fixed in Nuget - jQuery 3.5.0 | Windows
drupal7 security update(DSA-4693-1) drupal7_7.52-2+deb9u10_all.deb | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-4.6.8-5.el7.x86_64.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-common-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-common-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-python-compat-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-4.6.8-5.el7.x86_64.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-common-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-dns-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaclient-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipalib-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaserver-4.6.8-5.el7.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm | Linux
(RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpm | Linux
Apache-commons-collections update (ELSA-2020-4847) apache-commons-collections-3.2.2-10.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Apache-commons-lang update (ELSA-2020-4847) apache-commons-lang-2.6-21.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Apache-commons-net update (ELSA-2020-4847) apache-commons-net-3.6-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Bea-stax-api update (ELSA-2020-4847) bea-stax-api-1.2.0-16.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Glassfish-fastinfoset update (ELSA-2020-4847) glassfish-fastinfoset-1.2.13-9.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Glassfish-jaxb-api update (ELSA-2020-4847) glassfish-jaxb-api-2.2.12-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Glassfish-jaxb-core update (ELSA-2020-4847) glassfish-jaxb-core-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Glassfish-jaxb-runtime update (ELSA-2020-4847) glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Glassfish-jaxb-txw2 update (ELSA-2020-4847) glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-annotations update (ELSA-2020-4847) jackson-annotations-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-core update (ELSA-2020-4847) jackson-core-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-databind update (ELSA-2020-4847) jackson-databind-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-jaxrs-json-provider update (ELSA-2020-4847) jackson-jaxrs-json-provider-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-jaxrs-providers update (ELSA-2020-4847) jackson-jaxrs-providers-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jackson-module-jaxb-annotations update (ELSA-2020-4847) jackson-module-jaxb-annotations-2.7.6-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jakarta-commons-httpclient update (ELSA-2020-4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Javassist update (ELSA-2020-4847) javassist-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Javassist-javadoc update (ELSA-2020-4847) javassist-javadoc-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Jss update (ELSA-2020-4847) jss-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux
Jss-javadoc update (ELSA-2020-4847) jss-javadoc-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux
Ldapjdk update (ELSA-2020-4847) ldapjdk-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Ldapjdk-javadoc update (ELSA-2020-4847) ldapjdk-javadoc-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-base update (ELSA-2020-4847) pki-base-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-base-java update (ELSA-2020-4847) pki-base-java-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-ca update (ELSA-2020-4847) pki-ca-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-kra update (ELSA-2020-4847) pki-kra-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-server update (ELSA-2020-4847) pki-server-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Pki-servlet-4.0-api update (ELSA-2020-4847) pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Pki-servlet-engine update (ELSA-2020-4847) pki-servlet-engine-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Pki-symkey update (ELSA-2020-4847) pki-symkey-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux
Pki-tools update (ELSA-2020-4847) pki-tools-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux
Python-nss-doc update (ELSA-2020-4847) python-nss-doc-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux
Python3-nss update (ELSA-2020-4847) python3-nss-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux
Python3-pki update (ELSA-2020-4847) python3-pki-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
RelaxngDatatype update (ELSA-2020-4847) relaxngDatatype-2011.1-7.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Resteasy update (ELSA-2020-4847) resteasy-3.0.26-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Slf4j update (ELSA-2020-4847) slf4j-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Slf4j-jdk14 update (ELSA-2020-4847) slf4j-jdk14-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Stax-ex update (ELSA-2020-4847) stax-ex-1.7.7-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Tomcatjss update (ELSA-2020-4847) tomcatjss-7.5.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux
Velocity update (ELSA-2020-4847) velocity-1.7-24.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xalan-j2 update (ELSA-2020-4847) xalan-j2-2.7.1-38.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xerces-j2 update (ELSA-2020-4847) xerces-j2-2.11.0-34.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xml-commons-apis update (ELSA-2020-4847) xml-commons-apis-1.4.01-25.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xml-commons-resolver update (ELSA-2020-4847) xml-commons-resolver-1.2-26.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xmlstreambuffer update (ELSA-2020-4847) xmlstreambuffer-1.5.4-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux
Xsom update (ELSA-2020-4847) xsom-0-19.20110809svn.module+el8.3.0+7697+44932688.noarch.rpm | Linux
JavaScript library for dynamic web applications (USN-7246-1) libjs-jquery_3.3.1~dfsg-3ubuntu0.1_all.deb | Linux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm | Linux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-core-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm | Linux
Vulnerabilities CVE-2020-23064,CVE-2020-11023,CVE-2020-11022 are fixed in WebJars - jquery for Linux 3.5.0 | Linux
Vulnerabilities CVE-2020-23064,CVE-2020-11023,CVE-2020-11022 are fixed in Ruby-jquery-rails for Linux 4.4.0 | Linux
Vulnerabilities CVE-2020-11022 are fixed in Nuget - jQuery for Linux 3.5.0 | Linux
CVE-2020-11022 | NCM

Patch Details

No records found
